US Congressional Hearing Features Hikvision

By John Honovich, Published Jan 31, 2018, 12:55pm EST

A US Congressional hearing asked questions about Hikvision's government ownership and cybersecurity issues, following the WSJ's investigations into Hikvision.

Plus, Hikvision has issued a 'special bulletin' response to their dealers.

In this note, we examine the US Congressional hearing, share key clips from it, review Hikvision's response and the outlook going forward.

US Congressional *******

*** ** ************* ********* ** Small ******** **** * hearing ****** "***** ******** Information *******: ********* ******* Cyber *******" [**** ** longer *********] ** ******* 30th.

*** ******** ** *** Committee **** *** ******* remarks ** **** *** 'foreign *** ******' *** Hikvision:

** *** *&*, *** Chairman **** ***** ********* about *********'* ******* ********** ownership *** ************* ****** to ***:

******* *-**** ******* ***** recording** ******** *****:

Response - "********* ************ ******** ***** *******"

********* **** ******* '******* bulletin' ***** ***** *** same *** ****** "********* ************ Supports ***** *******":

*********'* ***** ******* *** Committee's ******** ** *********'* government *********, ****** ******** on ******* **** ** protect ******* ***** ******* and ***************.

Good *** *********

*** **** **** *** Hikvision ********:

  • **** *** ********* ******** brought ** *********. *** other officials *** ***.
  • *** ******** *** ********* on ********* **** ******* and *** *** **** or ***** *** **** details.
  • **** *** ** *** Small ******** ********* ****** than ******* ** ********-******* **** which ***** ***** **** problems *** *********.

Bad *** *********

*** *** **** ** that ***********, *** *** FBI (**** **********) **** talking ***** *********. *** more ********* ** *********'* obvious ******* ********** *******, the **** **** *** Hikvision's ****** ******* ** the ****** ******

*******

*** *** ****** ** what ******* ****. ** this ** ****** *** Congressman ****** ** **** a ***** *** ** one **** ** ** cares, **** ***** **** into * **** *** Hikvision. *******, ** **** US ********** ********* ***** ***** Hikvision *** *** ******* it ***** ** *** US, **** ***** ** the ********* ** * major ******* *** *** Chinese **********-***** *******. **** will ****.

Comments (9)

IPVM, great job covering topics that are important to our industry.

Before I comment any further, I'm going to switch over to SSI's website and read more about this blow to Hikvision... (never to return)

Agree: 5
Disagree
Informative
Unhelpful: 2
Funny: 6

This hearing did not include any discussion about the national security threat the US may face because of Chinese government ownership of Hikvision. The comment about 40% ownership made it sound like the security flaw is due to the fact that the company was owned by the Chinese government.

Agree
Disagree
Informative
Unhelpful
Funny

Update: SIW did a post covering this: Congressional committee confronts effects of cyber crime on small businesses, key quote from Hikvision's Chuck Davis:

To put this in a broader context, finding vulnerabilities is not a reflection of the company’s commitment to security—fixing them is, which is why we worked with DHS throughout the process and issued the firmware update in March 2017—two months before the DHS issued its ICS-CERT. DHS acknowledged that the firmware update that has been readily available on our website since mid-March resolves the vulnerability.

That is a fascinating perspective since simply having a magic string backdoor raises grave concerns about the company's lack of commitment or competency in cybersecurity. Also, the reason Hikvision released the fix so soon was because we told Hikvision that IPVM was going to report on it immediately in March.

Agree
Disagree: 1
Informative
Unhelpful: 1
Funny

They fixed it because Solely because IPVM would report it? I think you’re overestimating your impact John.

If there is someone who influenced it, it is the source that found it and reported it, not the one reporting on the reported problem.

Agree
Disagree: 1
Informative
Unhelpful: 1
Funny

Jonathan, I said they "released the fix so soon" because of IPVM. That your counter to that is "They fixed it because Solely because IPVM" is intellectually incoherent.

Below is the email I sent to them on March 10 saying that we were publishing on Monday March 13th.

Sunday, March 12th, they emailed their dealers with the now clearly deceptive Hikvision 'Privilege-Escalating' Security Vulnerability notice.

I think you’re overestimating your impact John.

Actually, the opposite. Hikvision executives routinely blame IPVM for all of their public problems, literally. Various execs report this back to me. Hikvision has said similar to me. That noted, I disagree, the cause of their problems is mostly their factual Chinese government ownership and their poor historic approach to cybersecurity.

Agree: 1
Disagree
Informative
Unhelpful: 1
Funny

I was referring to your own statement above:

Also, the reason Hikvision released the fix so soon was because we told Hikvision that IPVM was going to report on it immediately in March.

Agree
Disagree
Informative: 1
Unhelpful
Funny

I know what you were referring to Jonathan. That is exactly my point. I said it was the reason they "released the fix so soon", I never claimed, as you alleged, "They fixed it because Solely because IPVM".

Agree
Disagree
Informative
Unhelpful
Funny

Actually it is pretty apparent that IPVM has an impact on Hik. I have seen some of the posts where Hik refers to an online magazine. It is not hard to connect the dots.

Agree: 1
Disagree
Informative
Unhelpful: 1
Funny

Though, in the last few months, Hikvision has reduced public attacks against IPVM but certainly not because they like us any better. I believe they realized that their attacks were actually helping us.

Agree
Disagree
Informative: 1
Unhelpful: 1
Funny